The GAO team was able to tap into the data without authorization, and gleaned information such as bank account holders’ names, social security numbers, transaction values, and any suspected terrorist activity. It said the data was at serious risk of disclosure, modification or destruction. — Reuters

It is not known whether the data was actually compromised by outsiders; only that GAO’s testing revealed it could be compromised. The IRS is currently investigating whether any actual breaches took place.

In addition to taxpayer data such as income tax returns, the IRS also stores Financial Crimes Enforcement Network (FinCEN) suspicious activity reports. Under the Bank Secrecy Act, financial institutions are required to report any transactions they believe could be linked to terrorism or money laundering — in reality, anything over $10,000 will be reported, and many transactions under $10,000 will also be reported. Few if any of these reports have anything to do with terrorism or money laundering or any other crime.

Government computer security has been abysmal for as long as I can remember, and this is just the latest in a long line of threats. Anybody could just waltz right in to the IRS computer systems and walk out with data on virtually anyone, and most people have no idea what much of that data even is. This sort of vulnerability isn’t unique to the IRS; it plagues all sections of government despite many dollars and man-hours of work thrown at the problem.